The Xbox One aims for supremacy in the battle for home entertainment
Kim Dotcom does well on Mega bug bounties
MEGA BOUNTY. Kim Dotcom's new service reveals the results of its first week of bug hunts. Screen shot from Mega website.
MANILA, Philippines - Kim Dotcom has backed up his promise to reward Mega bug hunters with mega money.
On February 9, Mega put up a post on their site announcing the results of the first week of their vulnerability reward program. The post explained both the criteria for the bounties as well as the bugs found and squashed during the first week of this bug bounty hunt.
Mega's post outlines 6 types of vulnerabilities, based off the severity of issue found:
- Severity class VI: Fundamental and generally exploitable cryptographic design flaws
- Severity class V: Remote code execution on core MEGA servers (API/DB/root clusters) or major access control breaches
- Severity class IV: Cryptographic design flaws that can be exploited only after compromising server infrastructure (live or post-mortem)
- Severity class III: Generally exploitable remote code execution on client browsers (cross-site scripting)
- Severity class II: Cross-site scripting that can be exploited only after compromising the API server cluster or successfully mounting a man-in-the-middle attack (e.g. by issuing a fake SSL certificate + DNS/BGP manipulation)
- Severity class I: All lower-impact or purely theoretical scenarios
The post also mentions the result of the first week, with no class V or VI vulnerabilities found. A number of other vulnerabilities were found in classes I through IV and were, as the post puts it, "fixed within hours."
Congratulations @fransrosen for XSS in #MEGA. Handsome EUR 1000 in Bug Bounty Program twitter.com/fransrosen/sta…
— The Hacker News™ (@TheHackersNews) February 10, 2013
Kim Dotcom also retweeted something from The Hacker News that lent credence to the allure of the vulnerability reward program: someone actually posting their reward email on Twitter. While it wasn't the grand bug that would lead to a 10,000 Euro (US$14,000) payday, it did show a 1000 Euro (approximately US$1337, which stands for 'Elite' in computer leetspeak) reward for the recipient. - Rappler.com
EDITOR'S PICK
-
-
Tumblr users react to Yahoo! takeover
Tumblr users react to the Yahoo! takeover with the wit, irreverence and creativity Tumblr is known for
Who will inherit the throne?
Rappler takes you through the Miss Philippines Earth 2013 competition with these specials:
- Watch the pageant on the front seat through Rappler's live blog.
- Get to know the 48 candidates vying for the title of Miss Philippines Earth 2013.
- Vote for your bet on Rappler's Ms. PH Earth 2013 poll and share your vote on the social media.